The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Business Email Compromise (BEC) is a form of phishing attack wherein the cyber criminal impersonates an executive and attempts to get an employee, customer, or vendor to transfer funds or sensitive information. The Federal Bureau of Investigation defines BEC as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

The potential targets of this attack are businesses and personnel using open source email and individuals responsible for handling wire transfers within a specific business. The method used is spoofing emails that closely mimic a legitimate email request and fraudulent email requests for a wire transfer.

Some of the most common ways that BEC can use to defraud targets is through the use of bogus invoicing scams to compromise employee account to request a change in payee information, transferring payment to the cyber criminal’s account; in CEO fraud scam, the criminal pretends to be an executive and requests from the human resource or finance department employee make an emergency payment; in an employee account compromise, the attacker might send an invoice to partner vendors; an attorney’s email identity might be used to pressure for payments, claiming to be handling time-sensitive, confidential matters and requesting immediate payment; and data theft wherein the email of role-specific employees in the company being compromised and then used to send requests not for fund transfer but for personally-identifiable information of other employees an executives which can serve as a jump-off point for more damaging BEC attacks against the company itself.

RECOMMENDATION

PNP personnel and the public are advised to follow the best practices to protect themselves from the Business Email Compromise attack:

Avoid using free web-based email as much as possible; make use of company email accounts

Be extra careful on posting information to social media accounts and company websites

Be cautious on change requests pertaining to wire transfer

Disable the Universal Plug and Play on your devices

Establish more than one communication channel to verify significant transactions

Immediately delete unsolicited email from unknown senders

Forward emails and include the correct email address to ensure the intended recipient receives the email.

Remain vigilant of sudden changes to business practices

For additional information, please refer to the following websites:

www.fbi.gov

https://blog.barkly.com

https://www.proofpoint.com

POINT OF CONTACT

Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru email address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.